exploiting
-
Blog
Surge in attacks exploiting old ThinkPHP and ownCloud flaws
Increased hacker activity has been observed in attempts to compromise poorly maintained devices that are vulnerable to older security issues from 2022 and 2023. Threat monitoring platform GreyNoise is reporting spikes in actors leveraging CVE-2022-47945 and CVE-2023-49103 that affect ThinkPHP Framework and the open-source ownCloud solution for file sharing and syncing. Both vulnerabilities have critical severity and can be exploited to execute arbitrary…
Read More » -
Blog
A new phishing campaign is exploiting Microsoft’s legacy ADFS identity solution to steal credentials and bypass MFA
Hackers are targeting organizations around the world that rely on Microsoft’s Active Directory Federation Services (ADFS) secure access system in an ongoing phishing campaign, according to new research. Analysis from Abnormal Security describes how Microsoft’s ADfS, a legacy single-sign-on (SSO) solution that allows employees to use one set of credentials to authenticate across multiple applications and environments, is being mimicked…
Read More » -
Blog
Hackers exploiting flaws in SimpleHelp RMM to breach networks
Hackers are believed to be exploiting recently fixed SimpleHelp Remote Monitoring and Management (RMM) software vulnerabilities to gain initial access to target networks. The flaws, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, allow threat actors to download and upload files on devices and escalate privileges to administrative levels. The vulnerabilities were discovered and disclosed by Horizon3 researchers two weeks ago. SimpleHelp released…
Read More » -
Blog
Researchers sound alarm over hackers exploiting critical ProjectSend vulnerability
Researchers have warned that threat actors are actively exploiting a critical vulnerability in a widely-used open source file sharing app. A report from vulnerability intelligence platform VulnCheck warned that potentially thousands of instances of ProjectSend are impacted by a serious flaw rated 9.8 on the CVSS. ProjectSend is an open source file sharing web application used by businesses to securely…
Read More » -
Blog
Threat Actors Are Exploiting Vulnerabilities Faster Than Ever
New research by cybersecurity firm Mandiant provides eyebrow-raising statistics on the exploitation of vulnerabilities by attackers, based on the analysis of 138 different exploited vulnerabilities that were disclosed in 2023. The findings, published on Google Cloud’s blog, reveals that vendors are increasingly being targeted by attackers, who are continually reducing the average time to exploit both zero-day and N-day vulnerabilities.…
Read More » -
Blog
Hackers are exploiting critical bug in LiteSpeed Cache plugin
Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details become public. The security issue is tracked as CVE-2024-28000 and allows escalating privileges without authentication in all versions of the WordPress plugin up to 6.3.0.1. The vulnerability stems from a weak hash check in…
Read More »